Path: ...!2.eu.feeder.erje.net!feeder.erje.net!newsfeed.bofh.team!news.nntp4.net!nntp.terraraq.uk!.POSTED.tunnel.sfere.anjou.terraraq.org.uk!not-for-mail
From: Richard Kettlewell <invalid@invalid.invalid>
Newsgroups: comp.os.linux.advocacy,comp.os.linux.misc
Subject: Re: Torvalds Slams Theoretical Security
Date: Thu, 24 Oct 2024 18:48:57 +0100
Organization: terraraq NNTP server
Message-ID: <wwvv7xh1jee.fsf@LkoBDZeT.terraraq.uk>
References: <pan$26699$6602b79b$4abe425a$df32a923@gnu.rocks>
	<_OmcnZpYmdE-PYX6nZ2dnZfqn_udnZ2d@earthlink.com>
	<wwvldyfmenf.fsf@LkoBDZeT.terraraq.uk> <vfcjir$2gc7o$4@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Info: innmantic.terraraq.uk; posting-host="tunnel.sfere.anjou.terraraq.org.uk:172.17.207.6";
	logging-data="89136"; mail-complaints-to="usenet@innmantic.terraraq.uk"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:D0CoV95MrMd3KB/C+ll28YUeQoI=
X-Face: h[Hh-7npe<<b4/eW[]sat,I3O`t8A`(ej.H!F4\8|;ih)`7{@:A~/j1}gTt4e7-n*F?.Rl^
     F<\{jehn7.KrO{!7=:(@J~]<.[{>v9!1<qZY,{EJxg6?Er4Y7Ng2\Ft>Z&W?r\c.!4DXH5PWpga"ha
     +r0NzP?vnz:e/knOY)PI-
X-Boydie: NO
Bytes: 1849
Lines: 14

Lawrence D'Oliveiro <ldo@nz.invalid> writes:
> Richard Kettlewell wrote:
>> The obvious answer is attacks on weak cryptography. RSA-1024 and DH-1024
>> are probably breakable by the biggest SIGINT agencies (and anyone else
>> with comparable compute resources: cloud service providers for example).
>
> Weak cryptography is easy to fix. The hard part to fix is weak random 
> numbers.

Other way round. A bad RNG can be swapped out for a better one with
little or no impact on anything else. Cryptographic choices that are
baked into a protocol or API are a lot more challenging to shift.

-- 
https://www.greenend.org.uk/rjk/